Main Vulnerability Database Exploits ID:12168 - Exploit for Path traversal in CrushFTP - CVE-2025-32103

ID:12168 - Exploit for Path traversal in CrushFTP - CVE-2025-32103

Published: December 1, 2025

Vulnerability identifier: #VU118857

Vulnerability risk: Medium

CVE-ID: CVE-2025-32103

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
CrushFTP

Link to public exploit:

https://packetstorm.news/files/id/190460/

Vulnerability description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to insufficient sanitization of user-supplied passed via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames. A remote user can bypass SecurityManager restrictions and read contents of arbitrary files on the system.

Remediation

Install update from vendor's website.

ID:12168 - Exploit for Path traversal in CrushFTP - CVE-2025-32103

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human